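@echo off
rem ---------------------------------------------------------------------------
rem Windows host triage collector (v0.1, author tag "ym").
rem
rem Runs a fixed list of built-in Windows commands and saves each result to
rem its own .log file under %OUTDIR%, for review during incident response.
rem
rem NOTE(review): the banner text, section labels, output directory and log
rem file names in the original were non-ASCII and arrived as "?" characters,
rem so the original names cannot be recovered. Every label and file name
rem below is a reconstructed ASCII placeholder derived from the command it
rem belongs to - rename to taste.
rem
rem NOTE(review): output goes to drive D: of the machine being examined.
rem Presumably D: is expected to be removable or otherwise separate media;
rem if it is a local volume of the examined host, writing here alters that
rem volume - confirm before use.
rem ---------------------------------------------------------------------------
setlocal

rem Placeholder directory name (the original name was lost to encoding damage).
set "OUTDIR=d:\triage_output"

echo "Windows triage collection script v0.1"
echo "author: ym"

rem The original tested for and created the directory twice; once is enough.
if not exist "%OUTDIR%\" md "%OUTDIR%"
if not exist "%OUTDIR%\" (
    echo "cannot create output directory - aborting"
    exit /b 1
)

rem Several steps below (netstat -b, regini, secedit, the SAM query) need an
rem elevated prompt. "net session" fails for a non-elevated caller, so it is
rem used here only to print a warning, not to abort.
net session >nul 2>&1
if errorlevel 1 echo "warning: not elevated - some logs will be empty or contain errors"

echo "system information"
systeminfo > "%OUTDIR%\systeminfo.log"

echo "network connections with owning binaries"
netstat -anb > "%OUTDIR%\netstat_anb.log"

echo "processes and started services"
rem The original was "tasklist&net start >file": the redirect bound only to
rem the last command, so the tasklist output never reached the log. The same
rem defect is fixed in every "a & b >file" chain below by grouping.
(tasklist & net start) > "%OUTDIR%\tasklist_services.log"

echo "process executable paths"
rem wmic is deprecated on recent Windows builds and may be absent there.
wmic process get name,executablepath,processid > "%OUTDIR%\process_paths.log"

echo "network shares"
net share > "%OUTDIR%\net_share.log"

echo "user accounts and local administrators"
(net user & net localgroup administrators) > "%OUTDIR%\users_admins.log"

echo "SAM account names"
rem regini rewrites the ACL on the two SAM keys with the entries "1 2 19" so
rem that the reg query that follows can read the account-name list
rem (presumably to compare it against the "net user" output).
rem NOTE(review): this changes the security descriptor of the SAM hive on the
rem system under examination and nothing in this script restores it. Record
rem the original ACL first and restore it afterwards, or read the hive
rem offline instead. Verify the meaning of codes 1, 2 and 19 against the
rem regini documentation before running this on a production host.
rem The original wrote the regini script to a fixed d:\regg.ini and the
rem "& reg query" join had been corrupted into a single "(R)" character.
set "REGINI_FILE=%TEMP%\regg_%RANDOM%.ini"
> "%REGINI_FILE%" echo HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names [1 2 19]
>> "%REGINI_FILE%" echo HKEY_LOCAL_MACHINE\SAM\SAM\ [1 2 19]
regini "%REGINI_FILE%"
reg query HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names > "%OUTDIR%\sam_account_names.log"
del "%REGINI_FILE%"

echo "autorun Run keys"
(reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run & reg query HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run) > "%OUTDIR%\run_keys.log"

echo "local security policy"
rem secedit can only export to a file. The original left that file
rem ("LocalGroupPolicy") behind in the current directory; here it is written
rem to %TEMP%, copied into the log and then removed.
set "SECPOL_TMP=%TEMP%\secpol_%RANDOM%.inf"
secedit /export /cfg "%SECPOL_TMP%"
type "%SECPOL_TMP%" > "%OUTDIR%\security_policy.log"
del "%SECPOL_TMP%"

echo "IE typed URLs"
reg query "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs" > "%OUTDIR%\ie_typed_urls.log"

echo "installed software"
reg query HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL /s /v DisPlayname > "%OUTDIR%\installed_software.log"

echo "svchost service groups"
rem Second corrupted "& reg query" join restored; both queries are logged.
(reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost" /s /v netsvcs & reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost" /s /v LocalService) > "%OUTDIR%\svchost_groups.log"

echo "open ports"
netstat -a > "%OUTDIR%\netstat_a.log"

echo "Run dialog history"
reg query HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU > "%OUTDIR%\run_mru.log"

echo "Explorer typed paths"
reg query HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths > "%OUTDIR%\typed_paths.log"

echo "open/save dialog history"
reg query HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* /v * > "%OUTDIR%\open_save_mru.log"

echo "last visited folders"
rem The original ran this identical query twice in a row; it is kept once.
reg query HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU > "%OUTDIR%\last_visited_mru.log"

echo "scan of common directories for files containing the text: this program"
echo "this can take a while"
rem The original used set /p with the find command line as its PROMPT text,
rem redirected that prompt into the log, then executed whatever the operator
rem typed via a bare %%var%% line. Nothing was scanned unless the operator
rem retyped the command, and any typed text was run as a command. The scan is
rem now run directly.
find /c /i "this program" c:\* c:\Inetpub\* C:\Users\Administrator\Desktop\* c:\temp\* > "%OUTDIR%\file_marker_scan.log"
if %ERRORLEVEL% == 0 goto done

rem Fallback path set from the original (older "Documents and Settings"
rem layout). The original path was unquoted despite containing spaces, and
rem its last folder name was lost to encoding damage; "Desktop" below is a
rem constructed placeholder - adjust it for the localized folder name.
find /c /i "this program" c:\* c:\wmpub\* c:\Inetpub\* "C:\Documents and Settings\Administrator\Desktop\*" > "%OUTDIR%\file_marker_scan.log"

:done
echo "*****************ym***********************************"
endlocal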